Using BorderManager 3.6, Netware 5.1. All patches and updates

I have been trying to get Automatic Update Notification to work
through our proxy with little success. I turned on filter debug to
watch for dropped packets and saw that every time PC's check for
updates, they use port 80, even though for normal browsing, they use
port 8080. So, I figured, OK, I will just open port 80 to Microsoft
so the Automatic update notification will work.

Well, Microsoft owns a class B network. I set the filter exception
to with a mask of When I try to access
Microsoft without using the Proxy, The packets get dropped at the

If I set the exception to with a mask of, I

can access sites in that subnet. But Windows Update could use any
number of IP addresses in the subnet. This also happens
with other class B exceptions.

For example, If I set an exception of, mask of,

I cannot access Novell. But if I set the exception to,
mask, it works. For some reason, I cannot set an
exception for a class B network.

My public IP address is with a subnet mask of, since we have a class C, and our private subnet is with a mask of

This is very confusing. I though you could make an exception for anysize subnet as long as you followed the mask rules.

Any suggestion will be appreciated.